Today at Amazon Web Services (AWS) re:Invent we announced some new applications and integrations with popular AWS services, including the newly-released AWS Security Hub, AWS WAF and AWS Aurora for MySQL and PostgresSQL.
Some of today’s most innovative companies are increasingly moving from on-premises to public cloud environments to architect their mission-critical applications because that gives them the flexibility they need to deploy their services at scale without impacting the overall customer experience.
From our own data, we know that 70 percent of our current customers are building on AWS, while a growing number of them are adopting multiple public cloud environments to further provide flexible and scalable solutions. This trend is only going to grow as businesses of all sizes are transforming at an unprecedented rate in order to compete in the digital era.
With these latest integrations and applications for AWS, Sumo Logic continues to stay abreast of evolving operations, security and business trends and challenges with the goal of providing our customers with the most comprehensive and unified machine data analytics platform.
Sumo Logic Integration and App for AWS Security Hub
As an official launch partner for AWS Security Hub, we’re continuing to demonstrate our commitment to our customers on delivering top notch security services and integrations with other world-class leaders that prioritize security.
What is AWS Security Hub?
AWS Security Hub provides users with a comprehensive view of their high-priority security alerts and compliance status by aggregating, organizing, and prioritizing alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie as well as from APN security solutions. The findings are then visually summarized on integrated dashboards with actionable graphs and tables.
Security Hub aggregates alerts from four AWS services (Config, GuardDuty, Inspector and Macie) as well as from AWS Partner Network (APN) security solutions.
What are the Benefits of our Integration?
Through our integration with Security Hub and a new Sumo Logic application for AWS Security Hub, Sumo Logic helps complete the security response lifecycle with our unique security analytics capabilities.
Our AWS customers can ingest all of the findings from within the AWS Security Hub console into the Sumo Logic platform so analysts can correlate events across vendors, investigate them, and then take actions to respond to attacks and threats.
Additionally, the Sumo Logic integration with AWS Security Hub extends compliance checks to a number of other key regulatory frameworks such as PCI, GDPR, HIPAA, among others.
To learn more about Sumo Logic’s integration with AWS Security Hub, visit our application page, and get started today!
Why Does this Matter?
Modern IT enterprises continue to move more workloads to the AWS cloud ecosystem at a faster rate to gain competitive advantages and improve their application infrastructure. As one would expect, malicious agents are also increasingly targeting cloud applications and their resources. It has become more important than ever for cloud security companies to work more closely together to address these increasing security threats.
AWS has taken an important step in this battle by creating a place where AWS and security partners can combine security and compliance alerts from their own products for sharing with others. And now, with the AWS Security Hub, Sumo Logic customers can pull all the alerts from products in the AWS ecosystem into the Sumo Logic analytics platform via a single point of integration. This allows security and compliance analysts to correlate security events from all their security applications easily and promptly to fully understand attacks and security gaps so they can be addressed before harm is done.
We can’t solve the modern security challenge alone. It will take the combined efforts of security partners to keep workloads in AWS safe and secure. It will also require continued collaboration from some of the world’s most forward-thinking companies like AWS, Sumo Logic and the AWS security ecosystem to bring continued innovations and partnerships to market that help companies continue to scale their businesses and accelerate their security programs.
Sumo Logic App for AWS WAF
Sumo Logic is also announcing full support for AWS WAF. AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules.
What are the Benefits of our Integration?
The ability to ingest, process and make sense of all the traffic flowing through your WAF can be challenging and time consuming for customers.
The Sumo Logic app for AWS WAF analyzes web requests flowing through AWS WAF and automatically detects threats via Sumo Logic Threat Intel. The app provides pre-configured dashboards and searches that allow you to monitor threat and traffic details by AWS WAF rules, client IP, allowed and blocked traffic, malicious IPs, threat actors, location, trends and more.
AWS WAF can be configured to send its logs to an AWS Kinesis Firehose stream, which can be further configured to set its destination to an AWS S3 bucket. Sumo Logic can then read the logs in this bucket via an S3 Source of a Hosted Sumo Logic Collector.
With the Sumo Logic application for AWS WAF, you now can:
- Monitor how AWS WAF rules are being enforced and determine how traffic is being affected
- Detect malicious clients and drill-down into threat specifics using advanced threat intelligence
- Alert on malicious traffic in your AWS WAF environment
- Easily filter and search across many Web Application Firewall Rules, Web ACL IDs, and WAF data from multiple AWS accounts in one place
- Collect and correlate CloudFront or ELB data with Sumo Logic to accelerate investigations and resolution times of security issues
With the Sumo Logic app for AWS WAF logs, customers have multiple dashboards available to them to better be able to visualize their WAF data and identify where they need to dive deeper for further operational and security analysis.
For more information on all of the dashboards and capabilities available to customers, visit the Sumo Logic app for WAF landing page, or our DocHub page on AWS WAF log collection, and be sure to keep an eye out for a more detailed technical blog on this topic on the AWS APN blog coming soon!
Why Does This Matter?
As the threat surface continues to expand and attackers become increasingly sophisticated, the ability to quickly detect and remediate malicious activity to your modern application stack is crucial. In today’s digital world, any disruption or downtime to your applications not only translates to lost revenue, but it also puts your customers at risk and impacts their overall experience.
With pre-built apps for AWS, Sumo Logic provides custom dashboards and insights to leverage AWS data sources and integrate it with additional sources of analytics. This enables customers to gain additional value and reduce the complexity of managing security and compliance for all AWS environments (and beyond).
Additionally, the Sumo Logic platform incorporates industry-leading threat intel beyond the AWS environment for a more holistic and centralized view of your security and compliance posture with industry standards like PCI, HIPAA, SOC 2, and soon, the General Data Protection Regulation (GDPR).
Sumo Logic App for Aurora MySQL and Postgres
We have two new applications available to our customers as of today in support of Amazon Aurora. These applications are designed to provide complete visibility into the performance and operations of Amazon Aurora MySQL and PostgresSQL databases.
- Aurora MySQL ULM: A unified logs and metrics (ULM) app for your Aurora MySQL database. The app allows you to monitor slow queries executing on the database, the number of connections made, identify users, client hosts, and client locations used to connect to database. The app also provides insights for queries executed per second, CPU utilization, free memory, network utilization, volume read and write input/output operations per second (IOPS), replica lags, latency, throughput, failed login/connection attempts, and other health and performance related data.
- Aurora PostgreSQL ULM: A ULM app for your Aurora PostgreSQL database. The app allows you to monitor the number of connections made, CPU utilization, free memory, network utilization, volume read/write IOPS, disk queue depth, replica lags, latency, throughput and other resource utilization details. With AWS CloudTrail logs, the app allows you to identify user, client host and client locations being used to configure Aurora PostgreSQL infrastructure.
For more information on how to collect unified logs and metrics from the above Aurora apps in order to better monitor and troubleshoot important issues and events data, check out our in-depth technical blog.
Say Hello at re:Invent
Sumo Logic will be showcasing our cloud-native machine data analytics platform at AWS re:Invent this week, November 26-29, 2018 in Las Vegas at booth #840.
If you’ll be at the conference and want to learn more about what we’re up to or to learn more about any of the above integrations and apps, stop by to chat with us!
Visit our AWS re:Invent page here for more information on Sumo Logic’s presentations, activities and events at the conference.